We posed Michèle a set of questions around blockchain, regulation and the General Data Protection Regulation (GDPR) set to come in effect on 25 May 2018.

Here’s what she had to say…

Simpleweb: Can you tell me a little bit about your background and how you got into the blockchain regulation space?

Michèle Finck: I’m particularly interested in the intersection between law, technology and innovation and focus on how technological change triggers legal change. One of the topics I am interested in is legal automation. Right now I am finishing a monograph on Blockchain Regulation and Governance in the EU, which will be published by the Cambridge University Press in 2018.

I got into the blockchain regulation space because of my prior work on digital platforms and the sharing economy. In the context of that research, I was reading about blockchains one day, started reading more and just fell down the rabbit hole!

SW: How has your view changed since entering the blockchain space? Has your view evolved throughout your journey?

MF: I first started working on blockchains about a year and a half ago, when less people had heard about the tech, all possible use cases were imagined, and crypto asset prices were climbing relentlessly.

I feel like, very slowly, hype and hybris are leaving some more room for critical engagement. In a way this move from hype to reality, which has just timidly started, is an entirely natural phenomenon. Carlota Perez for instance has shown that this is a natural evolution in respect of every technological revolution. A crucial question for the years to come will be whether and how these virtual systems can be made interoperable with the real world. More and more people are starting to realise this and whether they, in fact, are a technological revolution or whether they just can’t live up to their declared objectives.

I’ve always been enthusiastic about some aspects of the technology and its use cases and sceptical about others though. I don’t think that has changed.

SW: To what extent are blockchain technologists responsible for regulation?

MF: This depends on your definition of regulation. Right now, permissionless blockchains are self-regulating to the extent that the rules of the game are set by the community itself (subject to the respective governance processes of the specific blockchain). For example, Bitcoin is often presented as free of regulation whereas it is, in fact, heavily regulated – by developers, not the State.

The government’s interests in exerting regulatory influence will largely depend on the scale of adoption. If and when blockchains become more widely adopted, we will see increased efforts by governing states and the EU to make sure that these rules are irrespective of existing laws and public policy objectives. This is what will determine whether legislative amendment is needed or not. If a self-regulatory or co-regulatory solution is adopted, technologists will still be involved in that process to a certain degree but they won’t be acting alone.

SW: Has the co-regulation approach to regulation been tried in other areas/disciplines?

MF: Co-regulation is a regulator strategy situated in between self-regulation and command-and-control regulation. It has the advantage of bringing both industry and governing states to the same table to adopt regulation that is respectful of public policy objectives. In the EU, co-regulation has been relied upon in relation to the internet – and the EU’s recent initiative on the free movement of non-personal data in the Union also echoes elements of co-regulation.

I have suggested that a revised form of co-regulation (‘polycentric co-regulation’) should be used in regard to digital platforms. This form of regulation should bring more stakeholders to the table and leverage the particularities of technology at the law-making, implementation and enforcement stage. In my forthcoming book I reflect on this regulatory strategy in relation to blockchains.

SW: Have you read ‘Attack of the 50 foot blockchain’ yet? (A book that is very critical of the blockchain hype.)

MF: Yes, I read it a while ago and thought it made some interesting points. Generally I’d say that critical voices are important as they keep the debate honest and make clear that while blockchains and the vision associated with them have many positive aspects, they also create risks which should be factored into discussions from the beginning.

SW: If Brexit happens and the UK becomes a small independent state, what sort of opportunities might there be regarding independent regulation of blockchain technology? Could we become the ‘Blockchain Island’?

MF: There have been voices in the UK that say that lax regulation should be used to create incentives for blockchain companies to move to the UK. Similar discussions are currently occurring in many other states.

Until now experience with such schemes have shown that incentives, such as low taxes, can fulfil their objective to some degree. Whether they are successful in the long-term remains to be seen as, for a ‘Blockchain Island’ to emerge, regulatory incentives aren’t sufficient in my opinion.

You need good regulation rather than lax regulation. If you look at the internet economy, for example, players haven’t settled where there are the lowest regulatory requirements, but rather where there are solid ecosystems, a highly-skilled workforce and stable institutional frameworks. History repeats itself and it likely will here too. Depending on the specific Brexit deal that is finally reached, the UK will be more or less divorced from the EU’s internal market, which will be a considerable disadvantage for any economic actor settling there, and this is no different for those using blockchains.

SW: Do you think the recent revelations from the Cambridge Analytica whistleblower have any implications for the world of blockchain and regulation?

MF: I think it’s a bit too early to tell, really. Such little time after these revelations, some people seem to want to distance themselves from Facebook and there has been lots of discussions around blockchain-based self-sovereign identity solutions or the tokenisation of social media. What the debate will look like in a few months is difficult to predict and users may just choose to forget and to trust Facebook.

Whether the alternative systems mentioned above will be used also depends on how viable they would be beyond the proof-of-concept stage and there isn’t yet enough evidence to tell. Tokenisation also doesn’t solve everything – just think of the newspaper subscriptions you pay for, which still use your data.

Concerning regulation, I think that the controversies surrounding digital platforms, especially GAFA, in general have made observers and regulators realise that it is very difficult to regulate a technology once it has matured, which I think explains some of the interest in blockchain regulation at this early stage of its development.

SW: How can we reconcile the demand from the state to protect the public, with blockchain technologists’ (or technologists in general) desire to innovate and test the limit of new technology?

MF: The magic word here is regulation. States essentially intervene by passing law to protect public policy objectives where the private sector fails to do so, which it often does because it simply doesn’t have the right incentives.

I’m often asked how regulators should approach blockchain technology in these early stages. This is not an easy question as there are so many unknowns, not least whether blockchains are viable in their present form and what future mutations would look like. A general solution is for regulators to stand firm on their duty to protect public policy objectives while providing incentives, flexibility and help for technologists wanting to develop the technology in a manner respective of these objectives. In my book I discuss a number of regulatory techniques that can help achieve that goal.

SW: Is the upcoming GDPR a saint or curse for blockchain technologies? Do you have any examples of either viewpoint?

MF: You can adopt either position. Right now, there is a lot of debate regarding the tension between the technology and GDPR as it remains unclear how many provisions of this legal framework, designed for centralised data silos, can be transposed to blockchains’ decentralised data collection, storage and processing.

How and whether this tension will be resolved remains to be seen. You could argue that GDPR is bad for blockchains due to the currently prevailing lack of legal certainty. On the other hand, the GDPR may very well be good for blockchains in the long run as the legal framework will force the technology to develop in a manner that secures data protection, which simply isn’t the case right now. We are already starting to see this materialise with many projects seeking to design technology and use cases that are explicitly GDPR compliant and privacy protecting.

What burdens such projects is a lack of certainty as to what you actually need to do to make your product compliant with the GDPR. I’m hoping that through interdisciplinary research and regulatory guidance this will become clearer soon.

We’d like to say a huge thanks to Michèle for answering our questions around the blockchain regulatory environment and the GDPR. You can follow Michèle on Twitter for the latest updates.